| Message ID | 1628527136-2478-15-git-send-email-ross.philipson@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86: Trenchboot secure dynamic launch Linux kernel support | expand |
On Mon, Aug 09, 2021 at 12:38:56PM -0400, Ross Philipson wrote: > The Secure Launch MLE environment uses PCRs that are only accessible from > the DRTM locality 2. By default the TPM drivers always initialize the > locality to 0. When a Secure Launch is in progress, initialize the > locality to 2. > > Signed-off-by: Ross Philipson <ross.philipson@oracle.com> > --- > drivers/char/tpm/tpm-chip.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c > index ddaeceb..48b9351 100644 > --- a/drivers/char/tpm/tpm-chip.c > +++ b/drivers/char/tpm/tpm-chip.c > @@ -23,6 +23,7 @@ > #include <linux/major.h> > #include <linux/tpm_eventlog.h> > #include <linux/hw_random.h> > +#include <linux/slaunch.h> > #include "tpm.h" > > DEFINE_IDR(dev_nums_idr); > @@ -34,12 +35,20 @@ > > static int tpm_request_locality(struct tpm_chip *chip) > { > - int rc; > + int rc, locality; int locality; int rc; > > if (!chip->ops->request_locality) > return 0; > > - rc = chip->ops->request_locality(chip, 0); > + if (slaunch_get_flags() & SL_FLAG_ACTIVE) { > + dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n"); > + locality = 2; > + } else { > + dev_dbg(&chip->dev, "setting TPM locality to 0\n"); > + locality = 0; > + } Please, remove dev_dbg()'s. > + > + rc = chip->ops->request_locality(chip, locality); > if (rc < 0) > return rc; > > -- > 1.8.3.1 /Jarkko
On 8/10/21 12:21 PM, Jarkko Sakkinen wrote: > On Mon, Aug 09, 2021 at 12:38:56PM -0400, Ross Philipson wrote: >> The Secure Launch MLE environment uses PCRs that are only accessible from >> the DRTM locality 2. By default the TPM drivers always initialize the >> locality to 0. When a Secure Launch is in progress, initialize the >> locality to 2. >> >> Signed-off-by: Ross Philipson <ross.philipson@oracle.com> >> --- >> drivers/char/tpm/tpm-chip.c | 13 +++++++++++-- >> 1 file changed, 11 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c >> index ddaeceb..48b9351 100644 >> --- a/drivers/char/tpm/tpm-chip.c >> +++ b/drivers/char/tpm/tpm-chip.c >> @@ -23,6 +23,7 @@ >> #include <linux/major.h> >> #include <linux/tpm_eventlog.h> >> #include <linux/hw_random.h> >> +#include <linux/slaunch.h> >> #include "tpm.h" >> >> DEFINE_IDR(dev_nums_idr); >> @@ -34,12 +35,20 @@ >> >> static int tpm_request_locality(struct tpm_chip *chip) >> { >> - int rc; >> + int rc, locality; > > int locality; > int rc; Will do. > >> >> if (!chip->ops->request_locality) >> return 0; >> >> - rc = chip->ops->request_locality(chip, 0); >> + if (slaunch_get_flags() & SL_FLAG_ACTIVE) { >> + dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n"); >> + locality = 2; >> + } else { >> + dev_dbg(&chip->dev, "setting TPM locality to 0\n"); >> + locality = 0; >> + } > > Please, remove dev_dbg()'s. Will do. Thanks Ross > >> + >> + rc = chip->ops->request_locality(chip, locality); >> if (rc < 0) >> return rc; >> >> -- >> 1.8.3.1 > > /Jarkko >
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index ddaeceb..48b9351 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -23,6 +23,7 @@ #include <linux/major.h> #include <linux/tpm_eventlog.h> #include <linux/hw_random.h> +#include <linux/slaunch.h> #include "tpm.h" DEFINE_IDR(dev_nums_idr); @@ -34,12 +35,20 @@ static int tpm_request_locality(struct tpm_chip *chip) { - int rc; + int rc, locality; if (!chip->ops->request_locality) return 0; - rc = chip->ops->request_locality(chip, 0); + if (slaunch_get_flags() & SL_FLAG_ACTIVE) { + dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n"); + locality = 2; + } else { + dev_dbg(&chip->dev, "setting TPM locality to 0\n"); + locality = 0; + } + + rc = chip->ops->request_locality(chip, locality); if (rc < 0) return rc;
The Secure Launch MLE environment uses PCRs that are only accessible from the DRTM locality 2. By default the TPM drivers always initialize the locality to 0. When a Secure Launch is in progress, initialize the locality to 2. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- drivers/char/tpm/tpm-chip.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)